NginxProxyManager / nginx-proxy-manager

Docker container for managing Nginx proxy hosts with a simple, powerful interface
https://nginxproxymanager.com
MIT License

Real IP addresses in the log? #3267

Open mxm199 opened 9 months ago

mxm199 commented 9 months ago

Good day to everyone, looking for help, tips

In short, here is the layout of the home network: [image]. There is nothing between the router and NPM, just a direct port forwarding to the container with NPM (192.168.0.200 80, 443).

The docker-compose file used:

version: '3.8'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    container_name: nginx-proxy-manager
    ports:
      - '80:80'
      - '443:443'
      - '4488:81'
    environment:
      DB_HOST: "db"
      DB_PORT: 5432
      DB_USER: $(DB_USER)
      DB_PASSWORD: $(DB_PASSWORD)
      DB_NAME: $(DB_NAME)
      DISABLE_IPV6: 'true'
      X_FRAME_OPTIONS: "sameorigin"
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    depends_on:
      - db
    healthcheck:
      test: ["CMD", "/bin/check-health"]
      interval: 10s
      timeout: 3s
    networks:
      dockernet:
        ipv4_address: 172.16.0.2
  db:
    image: 'postgres:13'
    restart: unless-stopped
    container_name: nginx-proxy-manager-db
    environment:
      POSTGRES_USER: $(POSTGRES_USER)
      POSTGRES_PASSWORD: $(POSTGRES_PASSWORD)
      POSTGRES_DB: $(DB_NAME)
    volumes:
      - pg-data:/var/lib/postgresql/data
    networks:
      dockernet:
        ipv4_address: 172.16.0.3
volumes:
  pg-data:
networks:
  dockernet:
    external: true

A network has been created: docker network create --subnet=172.16.0.0/24 dockernet

Hosts have been added to NPM, everything works fine, full Internet access to all resources

To view logs, I use goaccess (xavierh/goaccess-for-nginxproxymanager). But the whole problem is that only one client address appears everywhere in the log - 172.16.0.1 (it takes (parses) the information for display directly from the npm logs folder). [image]

Is it possible on this configuration to ensure that the logs display the real addresses of connecting clients? All the options found on the Internet and suggested by chatgpt :) did not help me. It’s possible, of course, to configure the router settings, but I didn’t find anything suitable in the standard firmware...

netstx commented 9 months ago

You can add custom NGINX config to the proxy host so that it adds headers to pass through the correct IP to origin server. If you search issues (open/closed) you may find some examples.

mxm199 commented 9 months ago

But how do I add a custom configuration to nginx itself? The address 172.16.0.1 (the gateway address) is displayed in nginx's own logs, so it makes no sense to add configurations to proxy hosts. Yes, I probably need an example, but I haven't found one yet. Also, the Internet says that this is a limitation when deploying Docker on Windows systems. Is that so?

dayueba commented 7 months ago

Container network should be host, not bridge.

trisweb commented 4 months ago

Encountering this as well, just want to add: it's very unexpected that every service I proxy to sees only my router IP as the client IP. It would be great to have a simple option for proxy hosts to set these headers for convenience.

leonida92 commented 4 months ago

I fixed it just by adding this line:

real_ip_header X-Forwarded-For;

in the advanced section of the proxy host. At least it works for my use case.

naanlizard commented 4 months ago

I'm not sure why real_ip_header is allowed to be set in the advanced section, but unfortunately there's no way to set that for every proxy host (the advanced config file for proxy servers throws an nginx error if you try, because the real_ip_header is already set in the base http server in the real_ip_header section)

A quick docker exec nginxproxymanager-container-name sed -i 's/real_ip_header X-Real-IP;/real_ip_header X-Forwarded-For;/' /etc/nginx/nginx.conf && docker restart nginxproxymanager-container-name fixes this, and fixes access lists not working with Cloudflare as well.

I'm not sure why this bug is allowed to exist; it's pretty bad if you want to use the Cloudflare proxy or generally get accurate IP addresses from your clients.

thezoggy commented 2 months ago

Was going crazy trying to figure out why access lists in nginxproxymanager just would never work.

Found a few different ghi where you think, oh, it's just bugs with it not applying config or how it applies it. Tried restarting and various other solutions, but no go. Eventually debugged it to find out that it's: https://github.com/NginxProxyManager/nginx-proxy-manager/blob/develop/docker/rootfs/etc/nginx/nginx.conf#L68

Thought maybe I could override it by just doing custom/http_top.conf with "real_ip_header X-Forwarded-For;", but sadly that won't work.

Then found this ghi, which was the exact same issue, and can confirm the only fix is to go add it as advanced config for each proxy host. That way the actual real remote IP shows up and the ACLs work as expected.
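
Added example, not part of any comment in this thread and not NPM's own code: a simplified Python model of how nginx's realip module chooses the logged client address once `real_ip_header X-Forwarded-For;` is set, showing that the header is honoured only when the connecting peer falls inside a `set_real_ip_from` range. The trusted ranges and sample addresses are constructed assumptions; the thread does not state which ranges NPM trusts.

```python
"""Model of nginx realip address selection (added example; simplified)."""
import ipaddress


def resolve_client_ip(peer, xff, trusted, recursive=True):
    """Return the address nginx would log as $remote_addr.

    peer      -- TCP source address of the connection (e.g. the Docker gateway)
    xff       -- raw X-Forwarded-For value, or None if the header is absent
    trusted   -- CIDR strings standing in for set_real_ip_from entries (assumed)
    recursive -- models real_ip_recursive on/off
    """
    nets = [ipaddress.ip_network(n) for n in trusted]

    def is_trusted(ip):
        return any(ipaddress.ip_address(ip) in n for n in nets)

    addr = peer
    hops = [h.strip() for h in xff.split(",")] if xff else []
    # The header is consulted only while the current address is trusted.
    while hops and is_trusted(addr):
        candidate = hops.pop()          # walk the list right to left
        try:
            ipaddress.ip_address(candidate)
        except ValueError:
            break                       # unparsable entry: keep what we have
        addr = candidate
        if not recursive:
            break                       # non-recursive: last entry only
    return addr


# Constructed sample values; 172.16.0.0/24 is the dockernet subnet from the issue.
DOCKER_NET = ["172.16.0.0/24"]
CASES = {
    "no header (plain port forward)": resolve_client_ip("172.16.0.1", None, DOCKER_NET),
    "header from trusted peer": resolve_client_ip("172.16.0.1", "203.0.113.7", DOCKER_NET),
    "header from untrusted peer": resolve_client_ip("198.51.100.9", "10.0.0.1", DOCKER_NET),
    "client-supplied entry ignored": resolve_client_ip(
        "172.16.0.1", "192.0.2.66, 203.0.113.7", DOCKER_NET),
    "trust-everything range": resolve_client_ip(
        "172.16.0.1", "192.0.2.66, 203.0.113.7", ["0.0.0.0/0"]),
}

if __name__ == "__main__":
    for name, ip in CASES.items():
        print(f"{name:32} -> {ip}")
```

The last case is the one to check for when access lists depend on this address: with an over-broad trusted range, the leftmost entry of the header, which the client controls, becomes the logged address.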